CVE-2016-6485

EPSS 0.08% · P24 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-6485

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Magento 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Magento是美国Magento公司的一套开源的PHP电子商务系统。该系统提供权限管理、搜索引擎和支付网关等功能。 Magento 2版本中的Framework/Encryption/Crypt.php文件的‘__construct ’函数存在安全漏洞。远程攻击者可通过猜测值利用该漏洞破坏密码保护机制。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2016-6485

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-6485

Please Login to view more intelligence information

https://github.com/magento/magento2/pull/15017x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/07/19/3mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/07/27/14mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2016-6485

Same Patch Batch · n/a · 2017-03-01 · 49 CVEs total

CVE-2017-5851		Mp3splt 安全漏洞
CVE-2017-5854		PoDoFo 安全漏洞
CVE-2017-5886		PoDoFo 缓冲区错误漏洞
CVE-2017-5977		ZZIPlib 安全漏洞
CVE-2017-5978		ZZIPlib 安全漏洞
CVE-2017-5979		ZZIPlib 安全漏洞
CVE-2017-5980		ZZIPlib 安全漏洞
CVE-2017-5981		ZZIPlib 安全漏洞
CVE-2017-5976		ZZIPlib 缓冲区错误漏洞
CVE-2017-5852		PoDoFo 安全漏洞
CVE-2017-5853		PoDoFo 数字错误漏洞
CVE-2017-5666		Mp3splt 安全漏洞
CVE-2017-5665		libmp3splt 安全漏洞
CVE-2017-5504		JasPer 缓冲区错误漏洞
CVE-2017-5503		JasPer 缓冲区错误漏洞
CVE-2017-5502		JasPer 安全漏洞
CVE-2017-5501		JasPer 数字错误漏洞
CVE-2017-5500		JasPer 安全漏洞
CVE-2017-5499		JasPer 数字错误漏洞
CVE-2017-5498		JasPer 数字错误漏洞

Showing top 20 of 49 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2016-6485

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2016-6485

I. Basic Information for CVE-2016-6485

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-6485

III. Intelligence Information for CVE-2016-6485

Same Patch Batch · n/a · 2017-03-01 · 49 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2016-6485

Leave a comment